ABSTRACT:

REFERENCE LINKS:

IMPACT ASSESSMENT:

High

DISCUSSION:

The vulnerability is caused due to an error within the XML Signature Reference processing code and can be exploited to cause a heap-based buffer overflow via a specially crafted document containing malformed XPointer expressions.